// npm 패키지
@xapp/stentor-service-lex
Service to communicate with AWS LEX for :mega: stentor
버전
1347
메인테이너
5
라이선스
Apache-2.0
최초 publish
2020-05-18
publisher
michaelmyers
tarball
198,116 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-04
// exfil path
what is read → where it ships
steals
- ● AWS keys
sends to
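(no destination string extracted — payload may be dynamic / obfuscated. Without a destination, the "steals" label above rests on static pattern matches only and is not confirmed exfiltration: the excerpts below show environment variables read into AWS SDK client configuration and no outbound send.)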
→ view full payload
// publisher 캠페인 by michaelmyers
이 계정에서 catch된 패키지 2건
고립된 catch가 아닙니다. 동일 publisher가 1개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @1.85.1· 3 files flagged
- @1.85.1 · AUTO-PUBLISHED · publisher: michaelmyers · heuristic 64/100 · static flags 2 · llm skipped · new-publisher:16d · mature-package · publisher-multi-name-burst:10 · publisher-version-pump:11 · reads-aws-creds · reads-env-vars
// offending code · 3 files flagged · patterns: 2
--- package/lib/AWSCredentialsRetriever.js (excerpt) ---
"use strict";
// Async/await down-levelling helper: drives a generator through promises. It matches the
// __awaiter shim the TypeScript compiler emits, i.e. build output rather than package logic.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Wrap a plain value in the promise implementation P unless it already is one.
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AWSCredentialsRetriever = void 0;
/*! Copyright (c) 2020, XAPPmedia */
const client_sts_1 = require("@aws-sdk/client-sts");
/**
 * Buffer time (in milliseconds) before actual expiration to refresh credentials.
 * Default is 5 minutes (300000ms) to ensure credentials don't expire during a request.
 */
const CREDENTIAL_EXPIRATION_BUFFER_MS = 5 * 60 * 1000;
/**
 * Holds a configuration object and an STS client for retrieving AWS credentials.
 *
 * Only the constructor is visible in this excerpt; the text breaks off inside the JSDoc of
 * the following method, so the retrieval and caching logic itself is not shown.
 *
 * NOTE(review): the visible lines read no environment variable or credentials file and issue
 * no request. They store `props` and construct or accept an STS client. Whether later methods
 * send credentials anywhere other than AWS STS cannot be judged from this excerpt.
 */
class AWSCredentialsRetriever {
    /**
     * @param props - stored unchanged as `this.config`; defaults to an empty object.
     * @param awsProps - may carry an `sts` client to use; when absent a new
     *                   `STSClient({})` is constructed with an empty configuration.
     */
    constructor(props = {}, awsProps = {}) {
        // Starts false; where it is set to true is outside the excerpt.
        this.hasStaticCredentials = false;
        const { sts = new client_sts_1.STSClient({}) } = awsProps;
        this.config = props;
        this.sts = sts;
    }
    /**
     * Check if cached credentials are expired or about to expire.
     * Returns true if credentials need to be refreshed.
--- package/lib/LexV2/translators/TranslateToLexBotRequest.js (excerpt) ---
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TranslateToLexBotRequest = void 0;
const patterns_1 = require("@xapp/patterns");
const utils_1 = require("./utils");
const merge = require("lodash.merge");
/**
 * Translator that builds the bot-creation/lookup request fields (botId or botName, data
 * privacy, session TTL, role ARN, description) from the instance's `props`.
 *
 * NOTE(review): the only environment read in the visible part of this file is
 * `process.env.LEX_BOT_NAME` in generateBotName, which is a bot name, not a credential.
 * `credentials` is used only to copy `credentials.role.arn` into the returned object.
 */
class TranslateToLexBotRequest extends patterns_1.Translator {
    /**
     * @param props - optional settings, deep-merged into `this.props`.
     */
    constructor(props) {
        super();
        if (props) {
            // NOTE(review): lodash.merge is a recursive merge. If `props` can carry
            // caller-controlled keys, confirm the resolved lodash.merge version rejects
            // `__proto__` / `constructor` keys. The version is not visible here.
            this.props = merge(this.props, props);
        }
    }
    /**
     * Build the request object.
     *
     * @param input - its `ovaiApp` value is used to generate a bot name when neither
     *                `botId` nor `botName` is configured.
     * @param props - optional overrides. They are merged into `this.props` and assigned
     *                back, so they persist on the instance for later calls.
     * @returns object with botId, botName, dataPrivacy, idleSessionTTLInSeconds, roleArn
     *          and description.
     * @throws TypeError when `this.props.credentials` or its `role` is missing, because
     *         `credentials.role.arn` is read without a guard.
     */
    translate(input, props) {
        if (props) {
            this.props = merge(this.props, props);
        }
        const { credentials, childDirected, botDescription, idleSessionTTLInSeconds } = this.props;
        // prefer botId since we don't need to look it up
        const botId = this.props.botId || undefined;
        // if botId exists, set botName to undefined otherwise use the botName or generate one (generating one creates a new bot)
        const botName = botId ? undefined : (this.props.botName || TranslateToLexBotRequest.generateBotName(input.ovaiApp));
        return {
            botId,
            botName,
            dataPrivacy: { childDirected },
            idleSessionTTLInSeconds,
            roleArn: credentials.role.arn,
            description: botDescription
        };
    }
    /**
     * Bot name to use when none is configured: the LEX_BOT_NAME environment variable when it
     * is set and non-empty, otherwise `STUDIO-Bot-` followed by the app id.
     */
    static generateBotName(appId) {
        return process.env.LEX_BOT_NAME || `STUDIO-Bot-${appId}`;
    }
    /**
     * Compares the descriptions to see if they have changed.
     *
     * @param request
     * @param s
--- package/lib/LexV2/services/LexServiceBaseV2.js (excerpt) ---
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.LexServiceBaseV2 = void 0;
/*! Copyright (c) 2020, XAPPmedia */
const client_lex_runtime_v2_1 = require("@aws-sdk/client-lex-runtime-v2");
const client_lex_models_v2_1 = require("@aws-sdk/client-lex-models-v2");
const credential_providers_1 = require("@aws-sdk/credential-providers");
const AWSCredentialsRetriever_1 = require("../../AWSCredentialsRetriever");
const merge = require("lodash.merge");
/**
 * Service to communicate with AWS LEX V2.
 *
 * Accommodates both runtime and management.
 *
 */
class LexServiceBaseV2 {
    // The constructor starts by building default configuration; the excerpt ends inside that
    // object literal, so the handling of `props` and the client setup are not visible.
    constructor(props) {
        // Presumably compiler-generated temporaries; their uses are past the end of the excerpt.
        var _a, _b, _c, _d, _e, _f;
        this.config = {
            localeId: "en_US",
            voiceId: "Ivy",
            botVersion: "DRAFT", // it HAS to be draft for new
            childDirected: false,
            nluConfidenceThreshold: 0.4,
            idleSessionTTLInSeconds: 600,
            // Bot identifiers default to environment variables (not secrets).
            botId: process.env.LEX_BOT_ID,
            botAliasId: process.env.LEX_BOT_ALIAS_ID,
            // For now we have to enforce this until we figure out how to create real aliases.
            // For real aliases we need a fully built locale which we don't/can't wait for.
            // Associated with the draft at create time.
            botAlias: "TestBotAlias",
            botName: process.env.LEX_BOT_NAME,
            // NOTE(review): region and access key id defaults are read from process.env into
            // this config object. These are the visible lines that fit the page's
            // reads-env-vars / reads-aws-creds flags. The excerpt stops in the middle of this
            // object literal, so what is done with `credentials` afterwards is not shown.
            credentials: {
                region: process.env.AWS_DEFAULT_REGION,
                accessKeyId: process.env.AWS_ACCESS_KEY
